Global Malware Hackers Use Social Media to Escape Cyber Sleuths

Malware has gone global, with Asia and Eastern Europe the two main malware hotspots, according to a new report from an online security company. The company says hackers are using new techniques, such as exploiting social media, to escape detection.

According to a report published Tuesday by online security firm FireEye, there were 185 countries hosting "command and control" (C&C) servers in 2012. These servers are the central nodes that send commands to malware-infected computers. By comparison, in 2010 and 2011, the company detected C&C servers in 150 and 130 countries, respectively.

For Rob Rachwald, director of market research at FireEye, the global spread of malware is not only a byproduct of more countries going online and having a stronger infrastructure — it's also because creating malware is becoming relatively easy.

"You really don't need to do a lot in order to develop your own malware package," he says.

To better illustrate how malware spreads globally, FireEye has created an interactive map displaying the results of its report. For this study, the company monitored and analyzed more than 12 million so-called "callbacks" across thousands of infected computers. Callbacks are the connections that malware-infected computers make back to C&C servers.

Although malware is present in virtually every country in the world, the numbers clearly indicate where the two main malware hubs are.

"There's really two centers of gravity for these types of thing," Rachwald says. "One is Asia, and the other one is Eastern Europe."

In fact, China, Korea, India, Japan and Hong Kong account for 24% of the world's volume of callbacks. Eastern Europe, including Russia, Poland, Romania, Ukraine, Kazakhstan and Latvia, is close behind with 22%. While 44% of callbacks still originate from the United States, the researchers note that this number is deceiving, because many C&C servers are deliberately located in the US to prevent investigators from easily identifying the origins of the attacks.

The researchers also report that cyber criminals are adapting and embracing new ways of escaping detection by using social media networks like Facebook, Twitter and even the Chinese search giant Baidu.

"It's actually an evasion technique," Rachwald says. "It's a way to avoid being detected, to try to look as normal as possible."

Hackers are making malware that, instead of connecting to traditional C&C servers, which would be easier to detect, connects with social networks or search engines to receive updates. This is a technique researchers have already seen in recent cyberattacks. The cyberespionage malware dubbed Miniduke used fake Twitter accounts to connect to C&C servers.
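The evasion described above works because a callback to a social network looks like ordinary user traffic. One defensive check that does not depend on the destination being "suspicious" is to look for beacon-like regularity: a host contacting the same domain at near-constant intervals. The following is an added example, not code from the report or from FireEye, run over constructed proxy log lines (timestamp, source host, destination host):

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log (not from the report). Host 10.0.0.5 calls back
# every ~10 minutes like a beacon; host 10.0.0.7 browses the same site irregularly.
SAMPLE_LOG = """\
2013-03-05T09:00:00 10.0.0.5 twitter.com
2013-03-05T09:00:02 10.0.0.7 twitter.com
2013-03-05T09:10:00 10.0.0.5 twitter.com
2013-03-05T09:11:45 10.0.0.7 twitter.com
2013-03-05T09:20:00 10.0.0.5 twitter.com
2013-03-05T09:30:01 10.0.0.5 twitter.com
2013-03-05T09:31:10 10.0.0.7 twitter.com
2013-03-05T09:40:00 10.0.0.5 twitter.com
2013-03-05T09:45:30 10.0.0.7 twitter.com
2013-03-05T09:50:00 10.0.0.5 twitter.com
2013-03-05T09:52:15 10.0.0.7 twitter.com
"""


def parse_log(text):
    """Group request timestamps by (source host, destination domain)."""
    events = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst = line.split()
        events[(src, dst)].append(datetime.fromisoformat(ts))
    return events


def find_beacons(text, min_events=5, max_jitter=0.05):
    """Return (src, dst, mean_interval_seconds) for host/domain pairs whose
    inter-request gaps are nearly constant (coefficient of variation <= max_jitter).
    Pairs with fewer than min_events requests are skipped to avoid noise."""
    suspects = []
    for (src, dst), times in parse_log(text).items():
        times.sort()
        if len(times) < min_events:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            suspects.append((src, dst, avg))
    return suspects


if __name__ == "__main__":
    for src, dst, interval in find_beacons(SAMPLE_LOG):
        print(f"{src} -> {dst}: regular callbacks every {interval:.0f}s")
```

On the constructed log only 10.0.0.5 is reported; the irregular browsing from 10.0.0.7 to the same domain is not, which is the point of keying on timing rather than destination.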

Another interesting finding is that 89% of "advanced persistent threat" (APT) attacks — a term commonly used to refer to sophisticated, long-running cyberattacks — are carried out with Chinese-made tools. Rachwald notes that this doesn't mean the Chinese government, or even Chinese hackers, are behind all those attacks, but simply that the hackers, wherever they are, use tools that were first developed in China.

Rachwald compares this malware proliferation to what happens in real life, when different countries copy technology or weapons (like drones) developed in other nations.

"That type of cross-pollination is much, much faster in the cyber world," he says, pointing out that it's much easier to copy or reverse-engineer malicious code than physically build a missile or a drone.

The most-used malware tool is called "Gh0st RAT" (RAT stands for Remote Administration Tool), a type of trojan that takes control of a computer and can log the user's every keystroke, take screenshots of what appears on the screen and even turn the webcam on and off to spy on the computer's owner.

Finally, the researchers note that the United States is still the primary target of most cyberattacks, "due to a very high volume and concentration of intellectual property and digitized data," the report reads. That's why 66% of APT-focused command and control servers are actually hosted in the United States.

Mashable is a leading source for news, information and resources for the Connected Generation. Mashable reports on the importance of digital innovation and how it empowers and inspires people around the world. Mashable's record 42 million unique visitors worldwide and 21 million social media followers are one of the most influential and engaged online communities. Founded in 2005, Mashable is headquartered in New York City with an office in San Francisco.